Hello,
Using Newman + Htmlextra, I’m getting in both of them requests/responses with sensitive data displayed, showing variable values instead of only the variable itself. Is there a way to bypass this?
Ex:
Request URL displayed in Newman/htmlextra https://address.com/v2/method?api_key=qwerty123
Request URL expected to be displayed, as in Postman: {{urlAPI}}/method?api_key={{apiKey}}
Newman version 5.2.1
Htmlextra version 1.19.7
Hey @andrei_m
That section of the report is just presenting the resolved URL - There’s nothing in the reporter, that I’ve added, that would mask or hide those values.
Is it just the params that you would like to mask?
That is correct. For security reasons, Api Key should not be visible in the report, in any part of it.
Any suggestions, please?
Add something to the reporter to prevent that from showing 
Like I mentioned, the report will continue to show the fully resolved URL until some flag is added to remove that from view.
Thank you, this is my initial question. what could I add to prevent this?
I have tried skipSensitiveData, skipEnvironmentVars, other Newman flags, but without any result.
I fully understood what you’re trying to do here
I created the htmlextra reporter - There is nothing in the reporter that will mask/hide/change the URL, or any part of it, from being displayed on the final report.
A new feature will need to be added to the reporter to mask or hide the URL which could be controlled by a new CLI flag. None of the existing flags will do anything to the URL.
Hi,
I have the same problem and I´m just wondering if the new feature in Postman can be the solution. It´s possible to set ‘TYPE’ to ‘secret’ in the environments file now.
So a skipSecrets flag to come?
This is my workaround at the moment:
To keep using Postman for automated API tests, I really think this feature would be needed. I can’t have X-API-KEY displayed when it is passed as query parameter. For many older SOAP application, it is only feasible that way. I wish there is a way to omit URL requests
Welcome to the Postman Community! 
This isn’t a bad shout actually and something that can be done in the report in a basic way - I’ll look into this and see if there is scope to add that option. 